Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
A vulnerability exists which allows an authenticated attacker to access sensitive information on the AirWave Management Platform web-based management interface. Successful exploitation allows the attacker to gain access to some data that could be further exploited to laterally access devices managed and monitored by the AirWave server.
AnalysisAI
A vulnerability exists which allows an authenticated attacker to access sensitive information on the AirWave Management Platform web-based management interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Technical ContextAI
A vulnerability exists which allows an authenticated attacker to access sensitive information on the AirWave Management Platform web-based management interface. Successful exploitation allows the attacker to gain access to some data that could be further exploited to laterally access devices managed and monitored by the AirWave server. Affected products include: Arubanetworks Airwave.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
The web interface in Aruba Networks AirWave before 7.7.14 and 8.x before 8.0.5 allows remote authenticated users to gain
A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.1
A remote unauthorized access vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.1
A remote insecure deserialization vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to
A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Plat
A remote unauthenticated cross-site request forgery (csrf) vulnerability was discovered in Aruba AirWave Management Plat
Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack
Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack
Vulnerabilities in the AirWave Management Platform web-based management interface exist which expose some URLs to a lack
A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.1
A remote XML external entity vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.1
A remote SQL injection vulnerability was discovered in Aruba AirWave Management Platform version(s) prior to 8.2.12.1. R
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today